update actions

mitre · Jul 8, 2024 · 5ce6de2 · 5ce6de2
1 parent 41684a0
commit 5ce6de2
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 32 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -26,6 +26,9 @@ jobs:
           npm install -g @mitre/saf
           curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-auditor
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Clone Repository
         uses: actions/checkout@v4
 

diff --git a/mongo-validate.pkr.hcl b/mongo-validate.pkr.hcl
@@ -59,37 +59,28 @@ build {
   name    = "validate"
   sources = ["source.docker.hardened"]
 
-  # docker ps
-  provisioner "shell-local" {
-    inline = [
-      "docker ps -a",
-      "docker exec mongo-hardened sh -c 'ls'",
-      "cinc-auditor detect -t docker://mongo-hardened",
-      "docker ps -a"
-    ]
-  }
-
-  ### SCAN
+  // # docker ps
   // provisioner "shell-local" {
-  //   environment_vars = [
-  //     "PROFILE=${var.scan.inspec_profile}",
-  //     "CONTAINER_ID=${var.input_hardened_image.name}",
-  //     "REPORT_DIR=${var.scan.report_dir}",
-  //     "REPORT_FILE=${var.scan.inspec_report_filename}",
-  //     "INPUT_FILE=${var.scan.inspec_input_file}",
-  //     "TARGET_IMAGE=${var.input_hardened_image.name}",
+  //   inline = [
+  //     "docker ps -a",
+  //     "docker exec mongo-hardened sh -c 'ls'",
+  //     "inspec detect -t docker://mongo-hardened",
+  //     "docker ps -a"
   //   ]
-  //   valid_exit_codes = [0, 100, 101] # inspec has multiple valid exit codes
-  //   script           = "spec/scripts/scan.sh"
   // }
 
-  # docker ps
+  ### SCAN
   provisioner "shell-local" {
-    inline = [
-      "docker ps -a",
-      "cinc-auditor detect -t docker://mongo-hardened",
-      "docker ps -a"
+    environment_vars = [
+      "PROFILE=${var.scan.inspec_profile}",
+      "CONTAINER_ID=${var.input_hardened_image.name}",
+      "REPORT_DIR=${var.scan.report_dir}",
+      "REPORT_FILE=${var.scan.inspec_report_filename}",
+      "INPUT_FILE=${var.scan.inspec_input_file}",
+      "TARGET_IMAGE=${var.input_hardened_image.name}",
     ]
+    valid_exit_codes = [0, 100, 101] # inspec has multiple valid exit codes
+    script           = "spec/scripts/scan.sh"
   }
 
   ### REPORT
@@ -103,13 +94,6 @@ build {
     scripts          = ["spec/scripts/report.sh"]
   }
 
-  # docker ps
-  provisioner "shell-local" {
-    inline = [
-      "docker ps -a"
-    ]
-  }
-
   ### VERIFY
   provisioner "shell-local" {
     environment_vars = [